This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.
Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.
Hi!

Recent patch to dl-error.c where objname is attempted to be allocated after errstring breaks _dl_open. The issue is that when we free errstring in _dl_open, objname is lost as well. This patch attempts to fix it (at least a program dlopening a non-existent dso no longer segfaults under efence).

I've also changed _dl_signal_error, because if the recent patch to it was necessary, then we really cannot store objname because that might be from local stack/user passed, whatever, and my change to _dl_open adds another case where objname would point to nowhereland if malloc failed.

2000-12-08  Jakub Jelinek  <jakub@redhat.com>

	* elf/dl-open.c (_dl_open): If objname points right after errstring,
	allocate it together with errstring using alloca.
	* elf/dl-error.c (_dl_signal_error): If malloc failed, set objname
	to "", because it might point to local stack.

--- libc/elf/dl-error.c.jj Thu Nov 2 08:50:59 2000 +++ libc/elf/dl-error.c Fri Dec 8 14:55:54 2000 @@ -88,7 +88,7 @@ _dl_signal_error (int errcode, const cha else { /* This is better than nothing. */ - lcatch->objname = objname; + lcatch->objname = ""; lcatch->errstring = _dl_out_of_memory; } longjmp (lcatch->env, errcode ?: -1); --- libc/elf/dl-open.c.jj Thu Nov 2 08:50:59 2000 +++ libc/elf/dl-open.c Fri Dec 8 15:04:18 2000 @@ -391,6 +391,7 @@ _dl_open (const char *file, int mode, co { /* Some error occurred during loading. */ char *local_errstring; + size_t len_errstring; /* Remove the object from memory. It may be in an inconsistent state if relocation failed, for example. */ 
@@ -399,7 +400,20 @@ _dl_open (const char *file, int mode, co /* Make a local copy of the error string so that we can release the memory allocated for it. */ - local_errstring = strdupa (errstring); + len_errstring = strlen (errstring) + 1; + if (objname == errstring + len_errstring) + { + len_errstring += strlen (objname) + 1; + local_errstring = alloca (len_errstring); + memcpy (local_errstring, errstring, len_errstring); + objname = local_errstring + len_errstring; + } + else + { + local_errstring = alloca (len_errstring); + memcpy (local_errstring, errstring, len_errstring); + } + if (errstring != _dl_out_of_memory) free ((char *) errstring); Jakub
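Review bot: in the dl-error.c hunk, the comment `/* This is better than nothing. */` no longer explains what is going on now that `lcatch->objname = "";` replaces `lcatch->objname = objname;`. Please extend it with the reason given in the cover text, i.e. that the caller's objname may live on the local stack or in user-supplied memory and so cannot survive the longjmp once malloc has failed. Since `""` is a string literal, this also relies on no catcher ever passing `lcatch->objname` to `free`; the visible dl-open.c hunk frees only `errstring`, so that holds for the code in this patch.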
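Review bot: in the second dl-open.c hunk, the `if (objname == errstring + len_errstring)` branch leaves `objname` pointing one past the copied data instead of at the copied object name. `len_errstring += strlen (objname) + 1;` runs before `objname = local_errstring + len_errstring;`, so the assignment uses the combined length and `objname` ends up at the end of the alloca'd block, which is exactly the dangling pointer the patch is meant to remove. Keep the original offset, for example with `size_t len_objname = strlen (objname) + 1;`, then `local_errstring = alloca (len_errstring + len_objname);` and `memcpy (local_errstring, errstring, len_errstring + len_objname);`, and leave `objname = local_errstring + len_errstring;` with `len_errstring` unchanged. The `else` branch is fine as written; it only drops the `strdupa` in favour of an explicit `alloca`/`memcpy` of the same `len_errstring` bytes.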